DETAILED ACTION 

1. The Amendment, and remarks therein, received on 4/11/2005 have been entered 
and carefully considered. 

2. The Amendment introduces new limitations into the originally sole independent 
claims 1, 11 and 15. The newly introduced limitations have required a new search and 
consideration of the pending claims. The new search has resulted in newly 
discovered prior art. New grounds of rejection based on the newly discovered prior 
art follow below. 

3. Claims 1, 3-8, 10-18 have been examined. 

Drawings 

4. The drawings are objected to because Fig. 3 and Fig. 4 present two different tables 
that are labeled with the same name. The specification discloses that Fig. 4 
represents "a channel key table" and not "a channel state table". 

5. Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply 
to the Office action to avoid abandonment of the application. Any amended 
replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. The 
figure or figure number of an amended drawing should not be labeled as "amended." 
If a drawing figure is to be canceled, the appropriate figure must be removed from 
the replacement sheet, and where necessary, the remaining figures must be 
renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be 
necessary to show the renumbering of the remaining figures. Each drawing sheet 
submitted after the filing date of an application must be labeled in the top margin as 
either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the 
changes are not accepted by the examiner, the applicant will be notified and 
informed of any required corrective action in the next Office action. The objection to 
the drawings will not be held in abeyance. 

Claim Rejections - 35 USC §112 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

6. Claims 1, 8, 10-14 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the enablement requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to enable one skilled 
in the art to which it pertains, or with which it is most nearly connected, to make 
and/or use the invention. 

7. Claims 1, 8, 10-14 recite the term hardware (and hardware mechanism) that 
performs functions such as verifying the identification of the second node, 
establishing a channel, etc. However, the specification does not disclose any 
particular circuitry of the hardware (for example) that would allow one of ordinary 
skill in the art to determine how an implementation of such hardware could satisfy 
the claim limitations. 

For purposes of further examination, the term hardware, in conjunction with the 
particular functionality recited for it, is treated as software or processes 
implemented on the hardware. 

8. Claims 3-7 are rejected by virtue of their dependence. 

The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

9. Claims 1, 3-8 are rejected under 35 U.S.C. 112, first paragraph, as failing to comply 
with the written description requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to reasonably convey to one 
skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

10. No support is found in the specification for the newly introduced limitations in claim 
1: "sending a key, identification of the first node, and identification of the second 
node from hardware of the first node accessible only by a kernel agent of the first 
node to hardware of the second node accessible only by a kernel agent of the 
second node". 

11. Claims 3-8 and 10 are rejected by virtue of their dependence. 



The following is a quotation of the second paragraph of 35 U.S.C. 112: 
The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

12. Claims 1, 3-8, 10-18 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

13. Claims 1, 8, 11-12, 14-16 and 18. 

14. The following limitation: "the keys inaccessible by all user processes" suggests that 
keys can be accessible only for processes other than user processes. However, in 
the claim language applicant recites that keys are "for establishing a secure 
transmission channel from a user process of a first node to a user process of a 
second node", thus suggesting that user processes are able to access keys 
(possibly, delegating the accessing functions to other processes). 

15. For purposes of further examination the phrase is treated as "the keys are not 
directly accessible to user processes". 

16. Claims 3-7, 10, 13 and 17 are rejected by virtue of their dependence. 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 
17. Claims 1, 3-4, 7, 10-12, 15-16 are rejected under 35 U.S.C. 103(a) as being obvious 
over Stein (Lincoln D. Stein, "Web Security, a step-by-step reference guide", 1998, 
ISBN: 0201634899) in view of Pfleeger (Charles P. Pfleeger, "Security in 
computing", 2nd edition, 1996, ISBN: 0133374866) and further in view of Carter et 
al. (U.S. Patent No. 5845331) or alternatively in view of Fontana (John Fontana, 
Defending against Outlook viruses, 
http://www.networkworld.com/archive/2000/99914_07-03-2000.html, 07/03/00). 

18. As per claims 1, 3-4 and 7, Stein teaches an SSL transaction between a client (browser) 
and a server, wherein a key, identification of the first node, and identification of the 
second node are sent from hardware of the first node (the node hosting the client 
browser) to hardware of the second node (the node hosting the server) (pg. 41, Fig. 
3.2, transaction 6, and pg. 42, first §), receiving the key, identification of the first node, 
and identification of the second node by the hardware of the second node and 
verifying the identification of the first node (pg. 41, Fig. 3.2, transaction 7, pg. 42, 
second §) and the identification of the second node at the hardware of the second 
node, and storing the key at the hardware of the second node (pg. 42, first §). Once 
an SSL connection is in place, the secure hardware of the first node and the 
secure hardware of the second node establish a channel over which the process of 
the first node and the process of the second node are able to communicate (SSL 
Characteristics, in particular pg. 40). 

19. Stein does not explicitly teach that the second keys are inaccessible by all user 
processes. 



Application/Control Number: 09/876,351 Page 7 

Art Unit: 2134 

20. Pfleeger teaches a Layered Trust design and suggests separating user processes 
from security functions in order to increase a system's security (Pfleeger, Layered 
Design section, pg. 302-303). As shown in Fig. 7-20, in the Layered Trust design model 
"the modules of each layer perform operations of a certain degree of sensitivity"; in 
particular, the processes associated with Security Functions are not accessible to 
User Processes. 

21. Encryption/decryption keys are confidential data and it would have been obvious to 
one of ordinary skill in the art at the time of applicant's invention to separate any 
functions directed towards second keys from user processes (that reads on second 
keys inaccessible by all user processes) as taught by Pfleeger. One of ordinary skill 
in the art would have been motivated to perform such a modification in order to 
increase system's security. 

22. Stein does not explicitly teach that unauthorized processes running on the first node 
are unable to send unauthorized messages. 

23. Carter et al. and Fontana teach preventing unauthorized processes from sending 
unauthorized messages. 

24. In particular, Carter et al. teach preventing unauthorized processes from conducting 
unauthorized activities (col. 1, lines 24-35), which reads on unauthorized 
processes being unable to send unauthorized messages. 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to prevent unauthorized processes running on the first node from sending 
unauthorized messages. One of ordinary skill in the art would have been motivated 
to perform such a modification in order to restrict the sending of messages to 
authorized processes only. 

25. Also, Fontana teaches a Microsoft Outlook e-mail security patch that prevents 
unauthorized processes from sending unauthorized messages (Fontana, pg. 2). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to prevent unauthorized processes running on the first node from sending 
unauthorized messages as taught by Fontana. One of ordinary skill in the art would 
have been motivated to perform such a modification in order to prevent worms from 
spreading to other nodes. 

26. Fig. 7-20 (Pfleeger, pg. 302) shows that a system's hardware is accessed only by 
the system's kernel agent. 

27. Claims 11 and 15 are substantially equivalent to claim 1; therefore claims 11 and 15 
are similarly rejected. 

28. As per claim 10, the SSL tunnel is established for the purpose of exchanging data, 
wherein the data is encrypted. As a result, processing received messages after they 
are decrypted is implicit. 

29. As per claims 5 and 6, Stein's invention is implemented using TCP/IP, which is a 
protocol that includes source and destination ports. 

30. As per claims 12 and 16, neither Stein nor Pfleeger teaches a key table. However, 
storing a key for inter-node communication would have been implicit so that all data 
communication could be encrypted. Furthermore, Official Notice is taken that it is 
old and well-known practice to utilize a table data structure to store data (such as keys, 
e.g. U.S. Patent No. 6178244, Fig. 23 and 36) given the benefit of quick and easy 
data retrieval using tables. 

31. Claim 8 is rejected under 35 U.S.C. 103(a) as being obvious over Stein (Lincoln D. 
Stein, "Web Security, a step-by-step reference guide", 1998, ISBN: 0201634899) in 
view of Pfleeger (Charles P. Pfleeger, "Security in computing", 2nd edition, 1996, 
ISBN: 0133374866) and Carter et al. (U.S. Patent No. 5845331) and further in view 
of Boden et al. (U.S. Patent No. 6182228) or alternatively over Stein (Lincoln D. 
Stein, "Web Security, a step-by-step reference guide", 1998, ISBN: 0201634899) in 
view of Pfleeger (Charles P. Pfleeger, "Security in computing", 2nd edition, 1996, 
ISBN: 0133374866) and Fontana (John Fontana, Defending against Outlook viruses, 
http://www.networkworld.com/archive/2000/99914_07-03-2000.html, 07/03/00) and 
further in view of Boden et al. (U.S. Patent No. 6182228). 

32. Stein, Pfleeger and Carter et al. or Fontana teach verifying the identification of the 
first node and the identification of the second node as discussed above. 

33. Stein, Pfleeger and Carter et al. or Fontana do not explicitly teach that verifying 
the identification of the first node and the second node comprises verifying the 
identification of the first node and the identification of the second node in a channel 
state table accessible by the hardware of the second node and inaccessible by all 
the user processes of the second node. 

34. Boden et al. teach verifying the identification of the first node and the identification of 
the second node in a channel state table (col. 3 lines 9-60). 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to verify the identification of the first node and the identification of the 
second node in a channel state table as taught by Boden et al. One of ordinary skill 
in the art would have been motivated to perform such a modification in order to 
restrict the inter-node communication only to the particular nodes. 

35. Boden et al.'s invention is essentially an implementation of a firewall; thus any data 
concerning the firewall (including the channel state table) should be treated as 
sensitive. As a result, restricting user processes from accessing the channel state 
table would be implicit. 

36. Claims 13-14 and 17-18 are rejected under 35 U.S.C. 103(a) as being obvious over 
Stein (Lincoln D. Stein, "Web Security, a step-by-step reference guide", 1998, 
ISBN: 0201634899) in view of Pfleeger (Charles P. Pfleeger, "Security in 
computing", 2nd edition, 1996, ISBN: 0133374866) and further in view of Benedyk et 
al. (U.S. Pub. No. 20010055380) or alternatively over Stein (Lincoln D. Stein, "Web 
Security, a step-by-step reference guide", 1998, ISBN: 0201634899) in view of 
Pfleeger (Charles P. Pfleeger, "Security in computing", 2nd edition, 1996, ISBN: 
0133374866) and Fontana (John Fontana, Defending against Outlook viruses, 
http://www.networkworld.com/archive/2000/99914_07-03-2000.html, 07/03/00) and 
further in view of Benedyk et al. (U.S. Pub. No. 20010055380) and Bean et al. (U.S. 
Patent No. 4843541). 

37. Stein, Pfleeger and Carter et al. teach a system for inter-node communication as 
discussed above. 

38. As per claims 13 and 17, Stein, Pfleeger and Carter et al. or Boden et al. do not 
explicitly teach connection tables accessible to secure connection management 
hardware mechanisms of communicating nodes, wherein the connection tables have 
a number of entries, each entry identifying one of the user processes of both 
communicating nodes. 

39. Benedyk et al. teach a connection table having a number of entries, each identifying 
one of the user processes of both communicating nodes (Benedyk et al., Fig. 8). 
It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to incorporate a connection table as taught by Benedyk et al. One of 
ordinary skill in the art would have been motivated to perform such a modification in 
order to allow easy communication in TCP/IP based networks by providing easy 
access to the fundamental information required in TCP communication. 
The examiner points out that although an explicit example of the claim limitations 
was provided, defining ports in TCP/IP communication is old and well known in the 
art of computing. In fact, some of the ports used by the most common applications 
are referred to as "well-known" ports. 

40. Stein, Pfleeger, Carter et al. and Benedyk et al. do not explicitly teach that the 
connection table identifies one or more partitions of the particular node. 

41. Bean et al. teach unique partition identifiers identifying node partitions (col. 50, lines 
55-66). 

It would have been obvious to one of ordinary skill in the art at the time of applicant's 
invention to include partition identifiers as taught by Bean et al. within the first and 
second connection tables. One of ordinary skill in the art would have been motivated 
to perform such a modification in order to extend the security enhancement and 
operation speed to systems wherein a plurality of different preferred guest 
programming systems could run simultaneously in the different partitions. 

42. Benedyk et al. do not suggest restricting access to the connection table and as per 
claims. 

43. Also, as per claims 14 and 18 Benedyk et al. associate entries in key table with 
corresponding entries of the connection table (Benedyk et al., Fig. 7). 
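The mechanism construed in the rejections above (a key together with both node identifications passed from one node's kernel-agent-controlled hardware to the other's, both identifications verified at the receiving node against its channel state, the key stored there, user processes holding only an opaque channel handle rather than the key, and a process not recorded for the channel being unable to send over it) can be illustrated by the following model. It is an added illustration for the reader, not the applicant's disclosure, the examiner's, or code from any cited reference. The class and method names, the in-process two-node "network", and the toy SHA-256 counter-mode cipher (used only so the model runs with the standard library) are assumptions made for the example; the table layouts are hypothetical and do not reproduce the applicant's Fig. 3 or Fig. 4.

```python
import hashlib
import hmac
import secrets


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHA-256 in counter mode), assumed for the model only.
    Symmetric: applying it twice with the same key and nonce recovers the data."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
        out.extend(x ^ k for x, k in zip(data[i:i + 32], block))
    return bytes(out)


class KernelAgent:
    """One per node. Models 'hardware accessible only by a kernel agent' (treated
    as software for examination, as in paragraph 7): it holds the key table and the
    channel state table and never hands a key to a user process."""

    def __init__(self, node_id: str):
        self.node_id = node_id
        self._key_table = {}        # channel_id -> key bytes (hypothetical layout)
        self._channel_state = {}    # channel_id -> {"remote": node_id, "pids": set()}
        self._peers = {}            # node_id -> KernelAgent; stands in for the network
        self.inbox = []             # (channel_id, plaintext) delivered to this node

    def register_peer(self, other: "KernelAgent") -> None:
        """Out-of-band trust setup: each agent learns which node identities are valid."""
        self._peers[other.node_id] = other
        other._peers[self.node_id] = self

    # First node: send the key and both identifications to the second node's agent.
    def open_channel(self, pid: int, remote_node_id: str) -> str:
        if remote_node_id not in self._peers:
            raise PermissionError(f"unknown second node {remote_node_id!r}")
        key = secrets.token_bytes(32)
        channel_id = secrets.token_hex(8)
        # The key crosses agent-to-agent only; the requesting user process never sees it.
        self._peers[remote_node_id].accept_channel(channel_id, key, self.node_id, remote_node_id)
        self._key_table[channel_id] = key
        self._channel_state[channel_id] = {"remote": remote_node_id, "pids": {pid}}
        return channel_id  # opaque handle returned to the user process, no key material

    # Second node: verify both identifications, then store the key.
    def accept_channel(self, channel_id: str, key: bytes, first_id: str, second_id: str) -> None:
        if second_id != self.node_id or first_id not in self._peers:
            raise PermissionError("identification of first or second node not verified")
        self._key_table[channel_id] = key
        self._channel_state[channel_id] = {"remote": first_id, "pids": set()}

    def authorize(self, channel_id: str, pid: int) -> None:
        """Record a user process in the channel's entry (the connection-table role)."""
        self._channel_state[channel_id]["pids"].add(pid)

    def send(self, pid: int, channel_id: str, plaintext: bytes) -> None:
        state = self._channel_state.get(channel_id)
        if state is None or pid not in state["pids"]:
            # A process not recorded for this channel cannot send over it.
            raise PermissionError(f"process {pid} is not authorized on {channel_id}")
        key = self._key_table[channel_id]
        nonce = secrets.token_bytes(16)
        ciphertext = _keystream_xor(key, nonce, plaintext)
        tag = hmac.new(key, channel_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        self._peers[state["remote"]].receive(channel_id, nonce, ciphertext, tag)

    def receive(self, channel_id: str, nonce: bytes, ciphertext: bytes, tag: bytes) -> None:
        key = self._key_table.get(channel_id)
        if key is None:
            raise PermissionError(f"no channel {channel_id}")
        expected = hmac.new(key, channel_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("message failed authentication")
        # Decrypted before the receiving process sees it (claim 10 as construed).
        self.inbox.append((channel_id, _keystream_xor(key, nonce, ciphertext)))


def demo() -> dict:
    """Two nodes; pid 100 on node-A is authorized, pid 101 is not (constructed scenario)."""
    a, b = KernelAgent("node-A"), KernelAgent("node-B")
    a.register_peer(b)
    channel = a.open_channel(pid=100, remote_node_id="node-B")
    b.authorize(channel, pid=200)
    a.send(100, channel, b"hello from pid 100")
    try:
        a.send(101, channel, b"rogue")
        rogue_blocked = False
    except PermissionError:
        rogue_blocked = True
    return {"handle": channel, "delivered": b.inbox, "rogue_blocked": rogue_blocked}
```

The two tables the model keeps per agent correspond to the two roles the rejections discuss separately: the key table (paragraph 30) is consulted only inside the agent, and the channel state entry (paragraphs 33-35, 38-39) decides which processes may use a channel. The handle a user process receives is the only thing it can name the channel by, which is the reading adopted in paragraph 15.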

Conclusion 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Peter Poltorak whose telephone number is 
(571) 272-3840. The examiner can normally be reached Monday through Thursday 
from 9:00 a.m. to 4:00 p.m. and alternate Fridays from 9:00 a.m. to 3:30 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gregory Morse can be reached on (571) 272-3838. The fax 
phone number for the organization where this application or proceeding is assigned 
is (571) 273-8300. 
Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR 
only. For more information about the PAIR system, see http://pair-direct.uspto.gov. 
Should you have questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




